IT Cybersecurity Sr Analyst
The posted compensation range of $44.83 - $65.00 /hour is a reasonable estimate that extends from the lowest to the highest pay CommonSpirit in good faith believes it might pay for this particular job, based on the circumstances at the time of posting. CommonSpirit may ultimately pay more or less than the posted range as permitted by law.
CommonSpirit Health was formed by the alignment of Catholic Health Initiatives (CHI) and Dignity Health. With more than 700 care sites across the U.S. from clinics and hospitals to home-based care and virtual care services CommonSpirit is accessible to nearly one out of every four U.S. residents. Our world needs compassion like never before. Our communities need caring and our families need protection. With our combined resources CommonSpirit is committed to building healthy communities advocating for those who are poor and vulnerable and innovating how and where healing can happen both inside our hospitals and out in the community.
CommonSpirit Health is the second largest not-for-profit health care provider in the United States. With 142 hospitals and over 700 care sites across 21 states, CommonSpirit cares for millions of patients each year and employs over 150,000 people. As a mission-driven health system, CommonSpirit is committed to building healthier communities, advocating for the poor and disenfranchised, and innovating how and where healing can happen—both inside our hospitals and out in the community.
The Cybersecurity Sr Analyst supports the CommonSpirit Cyber Data Governance program. This program is responsible for designing and implementing policies and procedures to safeguard confidential information, protected health information as well as other sensitive information while balancing business requirements and policy limitations to ensure productivity and data protection.
The position supports and helps lead the Data Loss Prevention team’s efforts within the organization. This program is responsible for designing policies and procedures within our suite of DLP tools. This includes managing the balance of business requirements and policy limitations to ensure an acceptable level of productivity for employees while protecting patient’s personal data. The position also requires a good understanding of enterprise information security practices and information protection/security applications at the application, endpoint, server, and network infrastructure levels. This position works closely within the Cyber towers as well as engages with other CSH business partners at all levels of the organization.
Responsibilities
*This is a Remote Opportunity
- Advanced support to the CommonSpirit Data Loss Prevention and Data Protection program. Supports junior analysts in maintaining service levels. Under guidance from the System Director, mentors and checks the work of junior analysts.
- Independently conducts investigations and reports on inappropriate use of CommonSpirit confidential information. Monitors and analyzes information from multiple applications/resources to identify information security risks and compliance gaps related to the protection of confidential information.
- Exercises judgment within defined practices and policies in engaging and providing guidance to end users, business teams, Regional Cybersecurity Officers, Corporate Responsibility Officer and Regional Privacy Officers regarding highly complex information security issues.
- Creates monthly reports of key risk indicators, performance, and success, highlighting areas in need of improvement and making recommendations.
- Participates in the design, documentation, and implementation of policies and procedures for monitoring confidential information. Collaborates with IT, Cybersecurity, business, and operations teams to institute mitigating controls. Develops and maintains user manuals, guides, and other program documentation.
- Works as an intermediary with teams in identifying and prioritizing remediation of information security risks and compliance gaps. Prepares actionable recommendations to mitigate identified risks and ensure compliance with policies and standards. Conducts independent information security reviews and risk assessments/compliance reviews for major programs in coordination with Cybersecurity and other functional groups.
- Performs assessments of current security technology, authentication systems, and data loss prevention tools, evaluating them against HIPAA, Federal and State Information Protection and Privacy regulations, CommonSpirit Cybersecurity policies/standards, and other relevant regulations pertaining to the protection of confidential information.
- Willing to participate in On-Call schedule for Que coverage 24x7 with a one (1) hour response expectation Service Level Agreement (SLA).
- Provides business-focused recommendations for improvement and implements procedural changes to ensure technical solutions align with organizational objectives, regulatory standards, and business needs.
- Facilitates and leads meetings supporting all phases of assigned projects.
- Fosters a partnered approach, building and maintaining strong productive working relationships with internal stakeholders within the business.
- Adheres to data policies and standards while enforcing the approved management of sensitive data in compliance with CSH business rules, legal, and governmental regulations.
- Mentors and grows the talents and abilities of junior analysts within the team.
- Ensures data integrity, accuracy, and reconciliation within reports and dashboards by reviewing, identifying, and resolving gaps and inconsistencies.
Qualifications
- Bachelor of Science degree in computer science with emphasis on information security or in a related technical field; equivalent work experience may be considered in lieu of degree.
- Experience with Sky-HIGH, Trellix ePO, and/or Varonis DatAdvantage Required
- Minimum of seven (7) years Required of progressive experience in information services, including five (5) years in systems security including implementation, maintenance and use of security products in a distributed enterprise environment.
- Minimum of four (4) years’ experience in a highly regulated industry: healthcare, finance, clinical research, or Federal (ex. FERC, NERC, DOD, etc.).
- Minimum of three (3) years’ experience with implementing and managing data loss prevention tools, policies, and rules.
- 5 years job related experience required
- 5+ years job related experience preferred
- Strength in verbal and written communication skills.
- Self Motivated
- Team Orientated.
Unless directed by a Collective Bargaining Agreement, applications for this position will be considered on a rolling basis. CommonSpirit Health cannot anticipate the date by which a successful candidate may be identified.
Apply
Depending on the position offered, CommonSpirit Health offers a generous benefit package, including but not limited to medical, prescription drug, dental, vision plans, life insurance, paid time off (full-time benefit eligible employees may receive a minimum of 14 paid time off days, including holidays annually), tuition reimbursement, retirement plan benefit(s) including, but not limited to, 401(k), 403(b), and other defined benefits offerings, as may be amended from time to time. For more information, please visit https://www.commonspirit.careers/benefits.
No featured jobs
No recently viewed jobs
You have no saved jobs
Equal Opportunity
CommonSpirit Health™ is an Equal Opportunity/Affirmative Action employer committed to a diverse and inclusive workforce. All qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, parental status, ancestry, veteran status, genetic information, or any other characteristic protected by law. For more information about your EEO rights as an applicant, please click here [PDF].
CommonSpirit Health™ will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c). External hires must pass a post-offer, pre-employment background check/drug screen. Qualified applicants with an arrest and/or conviction will be considered for employment in a manner consistent with federal and state laws, as well as applicable local ordinances, ban the box laws, including but not limited to the San Francisco and Los Angeles Fair Chance Ordinances. If you need a reasonable accommodation for any part of the employment process, please contact us by telephone at (415) 438-5575 and let us know the nature of your request. We will only respond to messages left that involve a request for a reasonable accommodation in the application process. We will accommodate the needs of any qualified candidate who requests a reasonable accommodation under the Americans with Disabilities Act (ADA). CommonSpirit Health™ participates in E-Verify.